Version 2.0.9f
- Quick update on the Apache dynamic configuration, as we noticed that starting on TufinOS3 and the latest ToS Classic the PHP module is disabled by default. The missing PHP module generates an error in the Templates management, as it uses PHP to upload new templates. This version brings a small fix to usp_template.conf at /etc/httpd/conf.d/ to solve this.

TODO
- Add new approach to list USP Templates from usp_templates folder
- Add extended exceptions support
  - multiple source and/or destinations
  - multiple services
  - service ranges
- Fix unbalanced USP CSV import
- Push new USPs and rules updates to existing USPs into SecureTrack directly
- Add management of Zone contents and zones' hierarchy
  - Push new zones into SecureTrack directly
  - List and manage zone contents including Ancestor and Descendants zones
- Compliance Policies support
  - Convert Compliance Policy into USP
  - Compliance Migration: convert to USP, push USP to ST and delete Compliance Policy
- Delete USP Editor's USP templates
- Make it Domain aware:
  - change current domain thru API
  - push contents (usp, zones, cloud tag policies) thru API
- Cloud tag policy management and support

Previous versions
-----------------------

Version 2.0.9e
- Quick update on USP Templates due to import errors on imap, pop-2, pop-3 and pptp-tcp services.

Version 2.0.9c
Noticed that starting on R21-1 RC1 the DirectoryIndex global statement was changed to 'index_z.htm' instead of 'index.htm index.html.var'. The php package still allows 'index.php' to be called as the folder. That impacts the access to USP Editor 'index.htm' that links to usp.php. Version 2.0.9c brings an updated usp_templates.conf file, which is placed at /etc/httpd/conf.d by the install script, with a condition to accept back index.htm, index.html and index.php only when the USP Editor's folder is called.

Version 2.0.9b
Due to a TOS hardening from version R20-2GA and beyond, the Apache Auto Index module is disabled by default. That disables support for the USP Templates folder listing in USP Editor. Version 2.0.9b brings an updated usp_templates.conf file, which is placed at /etc/httpd/conf.d by the install script, with a condition to run specific Apache directives only if the auto index module is running. That will cover previous and future versions of TOS regardless of whether the Apache Auto Index module hardening is applied or not. USP Editor version 2.0.10 is expected to bring a new approach for this feature.

Version 2.0.9a
Installation
- TufinOS3 and Tufin Orchestration Suite R20-2RC1 were tested and are supported!
- This version is required only on new deployments

Version 2.0.9
Exceptions
- Add condition to disable input of ip/mask or port/protocol and other flags if 'Is Any' is selected
- Fixed print of Comments and Status on list of existing exceptions
Installation
- Both local installation scripts required a full revision and are now ok.
- install.bash script fixed on updating Apache HTTPd configuration file
- dbinstall.bash script fixed on an invalid control block

Version 2.0.8f
General
- Fix on Back to Tools button

Version 2.0.8e
General
- Code refresh to work under /tools/USP_Editor/ folder
Regulation templates
- Fixed usp upload page after submitting new regulation template
- Add file permissions and ownership of uploaded regulation templates with chmod(), chown() and chgrp()

Version 2.0.8d
Exceptions
- Fixed current exception dupe listing
- Fixed additional exclamation mark sign display at Grid to visually show exceptions
General
- Prevent favicon.ico load error

Version 2.0.8c
Import CSV
- Disable case sensitivity while importing severity and rule properties statements
Exceptions
- Fixed exclamation mark sign display at Grid to visually show exceptions
- Fixed exception details box floating over Grid
- At rules properties edit window->Exceptions tab, prevent domain and a solo '0' to be printed
- Fixed add exception routines to support new API JSON format from R18

Version 2.0.8b
General
- Moved all remote calls to .css and .js files to local copies due to problems on cloudflare and sites

Version 2.0.8a
General
- Added online version check at USP Editor load with download links, version history and update instructions
- Updated About section to show readme at Notes and a manual online version check
Global Rules
- Added option to create a USP based on a single rule that is copied to all cells
USP Templates
- Changed wizard's steps order
- Added wizard instructions
- Fixed USP template untagged zones bypass logic

Version 2.0.7b
- Install.bash Google Drive download update

Version 2.0.7a
USP Templates
- Added Risk templates from Ethan Smart

Version 2.0.7
USP Templates
- Added new Tufin Risks templates
- Fixed Zones tag dialog to accept no value
- Fixed USP Templates upload code to accept line breaks on Instructions and Description fields

Version 2.0.6
Exceptions
- Fixed limitation while editing and adding exceptions on multiple domains
  - now we follow the global exception list and it feeds a list of Domains with exceptions
General
- Fixed shading background of allow all and block all cells with exceptions
- Changed top menu design
- Manual Import/Export buttons moved to USP CSV debugging
- Make sure that all regular operations load online Zones, USPs and Exceptions as needed
- Manual load of Online Zones, USPs and Exceptions buttons moved to About

Version 2.0.5f
General
- Fixed Domain field when an online USP is selected to be edited
- Better rules properties display on USP cell's suspended description
USP Rule Edit dialog
- Better description of properties options and parameters
- New instructions on how to input Services
Exceptions
- Omitted exception listing title when no exceptions were yet created for the rule being edited
- Fixed selected Domain upon exception creation function
- New exceptions form is not being presented to local USPs under edition
- Due to limitations on create exception api usage, New exceptions form is also restricted to the current Domain's USP
Domain awareness
- Function to get the current domain was added
- Current x Working domain behaviour control while editing or creating USPs was added

Version 2.0.5e
General
- Fixed ToS version detection supporting R17-3, R18-x and beyond.

Version 2.0.5d
General
- R17.3 brings a new Admin Tools under Tomcat folder structure. Fixed install.bash script to add support to the new Tools folder location
- Updated About and Instructions
- If current domain is All Domains, set it back to Default to avoid Zone import error

Version 2.0.5c
General
- Fixed print of a USP rule with no properties
- Avoid loading an online empty USP from server

Version 2.0.5b
Exceptions
- Fixed exceptions (!) icon display on grid
- Fixed direct push of exceptions to SecureTrack
- Fixed formatting of existing exceptions
- Added all supported exception’s options

Version 2.0.5a
Regulation templates
- Added SCADA systems ICS and OEE Compliance templates
Upload USP CSV from file
- Fixed displayed name for the uploaded USP

Version 2.0.5
Upload USP CSV from file
- New button and function to upload file to USP CSV textbox and then import it as usual
Regulation templates
- Add wizard with the following steps:
  1) read server’s local files as ‘/tools/usp_template/[name].usp’, which have a common USP structure and header lines to provide documentation metadata of the template:
     #usp_name:
     #usp_description:
     #usp_untagged_zones:
     #usp_author_name:
     #usp_author_email:
     #usp_author_version:
     #usp_instructions:
  2) present the list of available templates on screen and enable user to select from them
  3) import template file to read its header data, present on gui and wait for confirmation
  4) ask for a name of the USP that will be created. Use usp_name as suggestions
  5) ask for a tag to name new zones. The real zones with network information should later be added as child of these zones
  6) import template file using the input tag as suffix for zones listed on template, except for those on usp_no_taggable_zones
- Add routine to create templates including uploading a USP CSV and a form to fill the required metadata
General
- Start hiding USP and Zones CSV textboxes for a clean layout and offer buttons to show them for debugging

Version 2.0.4b
Zone management
- added icon close to From/To to call add zone function
- added icon close to each zone name row to call dialog to confirm zone removal
- fixed import_csv to remove zones
- fixed suggestion of new zone names on add zone function
- fixed rename zone check for zones already in use
- enforced a minimum of 2 zones per USP and added an alert about it when the user tries to delete one of the 2 left
USP Rule Edit dialog
- changed dialog title
- changed layout to better accommodate general settings, rule properties and services
- Rules Properties are now listed in two columns for the Properties and Parameters of 4 specific properties:
  - LAST_HIT_WITHIN: number of days
  - SOURCE_MAX_IP: maximum number of IPs as sources
  - DESTINATION_MAX_IP: maximum number of IPs as destinations
  - SERVICE_MAX_SERVICES: maximum number of services
- added properties parameters input validation to avoid non numeric values and if blank, returns 0
- fixed listing services when Access type is Allow All or Block All to prevent USP import failure
Import CSV
- fixed import of USP rules with properties that require additional parameters
Export CSV
- fixed make_csv to support rules properties parameters
DOWNLOAD CSVs
- fixed name used while downloading files: use server USP name or new USP name (for USPs created thru this tool)
USP Zone rename dialog
- added text input validation to avoid invalid characters and consecutive blank spaces
- dialog only accepts valid names, otherwise user is forced to press Cancel
- new zone names are compared case-insensitively with local and server existing zones
- if the new zone already exists it will use the existing name to prevent dupes. E.g.: dupes by lower/upper case
General
- Changed top menu layout to accommodate new and planned releases on 2.0.4
- added support to work within Nicolas’ Nextgen Tools 2.0.7
- fixed cell tool tip to include all rules properties parameters and to present None when nothing was defined

Version 2.0.3C
Global
- fixed font usage;
- fixed exception while moving mouse not over grid;
- changed get_zones() to store online zone in one array and keep offline zones in other array;
  -> This will be used later at make_csv and download for a zone file with only the required new zones to be loaded at ST
- changed get_zones to populate server_zones with the list of online zones and join it to a local_zones to generate a unique list to be available on the GUI;
  -> local_zones will be used to generate a zones.csv at export_csv
  -> zone_list is the Gui zone for Renaming dialog
- fixed exception on load when there are exceptions without existing USP reference; e.g.: delete a USP before deleting exceptions
  API /securetrack/api/security_policies/exceptions returns only below statement for these exceptions :
  How ST Exceptions GUI presents this issue :
  * This access exception does not apply because an object in the exception or the zone policy matrix was deleted
  Example of a regular exception :
  Default Internet Default Internet Teste
Top menu
- set a fixed layout in 2 lines for the top menu;
- added message at combo box for no USP on servers;
- added option to reset grid and csv output without reloading page;
  -> this option will open a dialog requesting a name for the new USP to be later used at download
  -> added an initial replacement for safe characters only to download valid filenames
Rename zone dialog
- added message at combo box to instruct the selection of another zone;
- added note about local zones that need to be created on SecureTrack before loading the USP;
- fixed selection of combo box to avoid presenting last selection;
- add renamed zones as unique items to local_zones list
Import CSV
- fixed import of USP using single (7 fields) and multiple (9 fields) domain schema
- added alert on empty CSV
Export CSV
- fixed make_csv to support spaces at domains and zones
- added zone.csv generation
Offline
- Added New USP button
- Fixed Rename zone to suppress combo box of online zones

Version 2.0.0
Antonio Costa started working on code maintenance and feature planning.
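
The conditional Apache configuration described for versions 2.0.9b and 2.0.9c can be sketched as follows. This is an added illustration, not the project's usp_templates.conf; the `/PLACEHOLDER/...` filesystem paths and the specific index options are assumptions.

```apache
# Added illustration, not the project's usp_templates.conf.
# The /PLACEHOLDER/... paths are placeholders for the real install location.

# Fragile form, shown commented out for contrast. Both settings apply
# server-wide, undoing the hardened defaults for every site on the host, and
# the IndexOptions line stops httpd from starting when mod_autoindex is not
# loaded ("Invalid command 'IndexOptions', perhaps misspelled or defined by a
# module not included in the server configuration").
#   DirectoryIndex index.htm index.html index.php
#   Options +Indexes
#   IndexOptions FancyIndexing

# Scoped form: restore the index file names only for the USP Editor folder,
# leaving the global DirectoryIndex untouched everywhere else.
<Directory "/PLACEHOLDER/tools/USP_Editor">
    DirectoryIndex index.htm index.html index.php
    Options -Indexes
</Directory>

# Directory listing is confined to the templates folder, and the
# autoindex-specific directives are only parsed when the module is loaded,
# so the same file works with or without the hardening applied.
<Directory "/PLACEHOLDER/tools/usp_template">
    <IfModule autoindex_module>
        Options +Indexes
        IndexOptions FancyIndexing
        # Keep anything that is not a template out of the listing.
        IndexIgnore .ht* *.php
    </IfModule>
</Directory>
```

Running `httpd -t` after placing a file like this in /etc/httpd/conf.d checks the syntax before the service is reloaded.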